[RESOLVED] Opera Browser ends when I enter Win 7 password to see saved passwords in settings
Page 1 of 4 123 ... LastLast
Results 1 to 15 of 51

Thread: [RESOLVED] Opera Browser ends when I enter Win 7 password to see saved passwords in settings

  1. #1
    Join Date
    Nov 1999
    Posts
    438

    Resolved [RESOLVED] Opera Browser ends when I enter Win 7 password to see saved passwords in settings

    I installed Bluestacks then uninstalled it using IOBit Uninstaller because I couldn't get it working.
    Ever since the install/uninstall, when I go into Opera, Settings-Privacy & Security-Show all Passwords and type in my Windows password, Opera ends as if I pressed X to close it.
    Before I used to get a small blank area to type my password in, now it shows a different window, see below.

    I tried to get Opera back into it's default settings by deleting the Opera Stable folder with no change. I even uninstalled and reinstalled Opera with no change to the problem.

    Opera


    I checked Google Chrome out and was able to fix it with a Chrome reset.
    Chrome shows only one window to enter a password. Not sure if this is what it was in the past because I don't use Chrome much.

    Chrome


    Firefox doesn't ask for a Windows password which is fine by me.

    I've tried a system restore both in Windows 7 and in Safe Mode and all 8 with this msg:
    System Restore failed to extract the original copy of the directory from the restore point.
    Source: %SystemRoot%\registration
    Destination: ComPlusStaging


    I tried to set msconfig to a selective startup, but when I try to turn off all services in the services tab except for Microsoft Services, as soon as I click ok, msconfig freezes and I need to reboot.

    I've ran the following scans:
    sfc /scannow on C:
    SUPERAntiSpyware
    Malwarebytes
    Spybot Search & Destroy
    CCleaner
    Advanced SystemCare
    HouseCall for Home Networks
    Avast Free Antivirus
    Trend Housecall
    F-SecureOnlineScanner
    RougeKiller with 33 Threats - 3 red Hj.Shortcut, 3 grays PUM.HomePage and PUM.SearchEngine, and the rest yellow PUP.....
    I don't know which ones are safe to delete so that window is still open.

    I have not installed AdwCleaner yet.
    I do have Windows backed up on a USB HD using Windows Backup & Restore
    I also have a backup using AOMEI Backupper.

    Can someone advise me on what I should do. Thanks in advance.

    My RougeKiller scan shows

    RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mark [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 11/23/2017 15:54:52 (Duration : 02:23:36)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Search Settings -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64 -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64 -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar -> Found
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Found
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {03EB0E9C-7A91-4381-A220-9B52B641CDB1} : IObit Apps Toolbar -> Found
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {03EB0E9C-7A91-4381-A220-9B52B641CDB1} : IObit Apps Toolbar -> Found
    [PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Found
    [PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Found

    ¤¤¤ Tasks : 3 ¤¤¤
    [Hj.Shortcut] \{06A042C1-A4E6-4FE1-BA83-017A2F664DFD} -- "c:\program files (x86)\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/5.5.0.124/e...fered;disabled) -> Found
    [Hj.Shortcut] \{662EF20E-8AFE-49E9-85A6-C784C8930670} -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (http://ui.skype.com/ui/0/4.2.0.155/e...toolbaroffered) -> Found
    [Hj.Shortcut] \{A95C2512-1A1D-4CE4-99C9-7F71C22FCF7E} -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (http://ui.skype.com/ui/0/4.2.0.155/e...alreadyoffered) -> Found

    ¤¤¤ Files : 11 ¤¤¤
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> Found
    [PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate -> Found
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion -> Found
    [PUP.Tific][Folder] C:\Users\Mark\AppData\Roaming\Tific -> Found
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\SlimWare Utilities Inc -> Found
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\YSearchUtil -> Found
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> Found
    [PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate -> Found
    [PUP.Gen1][Folder] C:\Program Files\Uninstaller -> Found
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion -> Found
    [PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo_ff.xml -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 7 ¤¤¤
    [PUP.Gen2][Firefox:Addon] cro82bul.default-1405778775589 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
    [PUP.Gen2][Firefox:Addon] px2us03v.default-1438862973166-1505776534346 : Video Downloader professional [ffext_basicvideoext@startpage24] -> Found
    [PUP.Gen2][Firefox:Addon] xja4n96y.Mark : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
    [PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Found
    [PUM.HomePage][Firefox:Config] px2us03v.default-1438862973166-1505776534346 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Found
    [PUM.SearchEngine][Firefox:Config] cro82bul.default-1405778775589 : user_pref("browser.search.selectedEngine", "Astromenda"); -> Found
    [PUM.SearchEngine][Firefox:Config] px2us03v.default-1438862973166-1505776534346 : user_pref("browser.search.defaultenginename", "Bing®"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3263GSX ATA Device +++++
    --- User ---
    [MBR] e43f5ce005e8915020c7e23b8a8aadfd
    [BSP] ce58651762c921c45f80955eb1e9033b : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292890 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 600248320 | Size: 12154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
    Last edited by COPO; November 23rd, 2017 at 10:16 PM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  2. #2
    Join Date
    Nov 1999
    Posts
    438
    Maybe this should be moved to Intensive Care Unit since I received hits with RougeKiller.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  3. #3
    Join Date
    Nov 1999
    Posts
    438
    Currently Microsoft Windows Malicious Software Removal
    Tool which is online based and finds problems that other
    scan tools don’t. It takes long to run but so far has a count
    of 510 files infected after 8 hrs and is still running.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29

    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  5. #5
    Join Date
    Nov 1999
    Posts
    438
    Ran Avast with no virus's. Continuing with the procedure.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  6. #6
    Join Date
    Nov 1999
    Posts
    438
    I tried to create new post for my logs.

    Getting error when I try and post my Farbar log FRST.txt. I first tried posting both FRST and Addition logs and received the error, and still get the error with just FRST log.

    The following errors occurred with your submission
    The text that you have entered is too long (72320 characters). Please shorten it to 50000 characters long.

    Please provide next move...thx
    Last edited by COPO; November 25th, 2017 at 12:08 PM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  7. #7
    Join Date
    Nov 1999
    Posts
    438

    Can't post my logs - The text that you have entered is too long

    I tried to create new post for my logs.

    Getting an error when I try to post my Farbar log FRST.txt. I first tried posting both FRST and Addition logs and received the error, and still get the error with just FRST log.

    The following errors occurred with your submission
    The text that you have entered is too long (72320 characters). Please shorten it to 50000 characters long.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  8. #8
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Being careful, split the log across the needed number of posts.

  9. #9
    Join Date
    Nov 1999
    Posts
    438

    My Farbar scan logs

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
    Ran by Mark (administrator) on MARK-PC (25-11-2017 09:54:58)
    Running from C:\Users\Mark\Downloads
    Loaded Profiles: Mark (Available Profiles: Mark)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
    (Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    (Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-18] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\System32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Policies\Explorer: [NoInstrumentation] 1
    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\MountPoints2: E - E:\start.exe
    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\MountPoints2: {c2c0cef6-d605-11df-b1da-001f16ed4bf8} - F:\LaunchU3.exe
    ShellExecuteHooks-x32: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - -> No File
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    CHR HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
    Tcpip\..\Interfaces\{CC07C2DC-CF04-4099-844D-6CCA965F6ECF}: [DhcpNameServer] 64.71.255.204 64.71.255.198

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
    SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {20FBB4B0-33BF-49B9-A3C8-154A5CCA676F} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
    SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-18] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-31] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-18] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2017-08-04] (IObit)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-31] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
    Toolbar: HKLM-x32 - No Name - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
    Toolbar: HKLM-x32 - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
    Toolbar: HKU\.DEFAULT -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
    Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - No CLSID Value
    Handler: vipresg - No CLSID Value

    FireFox:
    ========
    FF DefaultProfile: px2us03v.default-1438862973166-1505776534346
    FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346 [2017-11-23]
    FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\user.js [2017-11-23]
    FF Homepage: Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346 -> hxxps://www.malwarebytes.org/restorebrowser/
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2017-09-22]
    FF Extension: (Avast Online Security) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\wrc@avast.com.xpi [2017-11-18]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-11-19]
    FF Extension: (No Name) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2017-10-26]
    FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\searchplugins\bing-lavasoft.xml [2017-11-03]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-19] [Lagacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2016-09-22] [Lagacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [vdultimate@link64] - C:\ProgramData\VideoDownloaderUltimate\Firefox\videodownloaderultimate.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Mark\AppData\Roaming\Move Networks
    FF Extension: (Move Media Player) - C:\Users\Mark\AppData\Roaming\Move Networks [2010-01-11] [Lagacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-21] ()
    FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-31] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-31] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-09-22] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-09-22] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1757856145-4072474172-4118854403-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Mark\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll [2010-01-11] (Move Networks)
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  10. #10
    Join Date
    Nov 1999
    Posts
    438
    Chrome:
    =======
    CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
    CHR Extension: (Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-22]
    CHR Extension: (Flash Video Downloader) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-09-24]
    CHR Extension: (Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-22]
    CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-24]
    CHR Extension: (IBM Security Rapport) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-11-22]
    CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-24]
    CHR Extension: (Adobe Acrobat) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-22]
    CHR Extension: (Video Downloader professional) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-24]
    CHR Extension: (Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-22]
    CHR Extension: (FBDown Video Downloader) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-09-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-26]
    CHR Extension: (Avast Online Security) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-24]
    CHR Extension: (Video Downloader Pro) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcgiflmicieegobmapobiohjeokdbcd [2017-09-24]
    CHR Extension: (Photobucket Embedded Image Fix) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogipgokcopooepeipngiikdkpmcpkaon [2017-11-22]
    CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-24]
    CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-22]
    CHR HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-03-09] (SUPERAntiSpyware.com)
    R2 AdvancedSystemCareService11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1053984 2017-11-01] (IObit)
    S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-18] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-18] (AVAST Software)
    S3 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2016-12-30] (AOMEI Tech Co., Ltd.)
    R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
    R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
    R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
    R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
    R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
    S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
    S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    S4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-11-03] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-22] ()
    R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-22] ()
    R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2016-12-22] ()
    R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-18] (AVAST Software)
    R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-18] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-18] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-18] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-18] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-18] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
    R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-18] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-18] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-18] (AVAST Software)
    R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-18] (AVAST Software)
    R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-18] (AVAST Software)
    R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-18] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-18] (AVAST Software)
    S3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [48960 2017-11-23] (CPUID)
    S3 csravrcp; C:\Windows\System32\DRIVERS\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 CsrBthAudioHF; C:\Windows\System32\DRIVERS\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 csrhfgcc; C:\Windows\System32\DRIVERS\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 csrpan; C:\Windows\System32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 csrserial; C:\Windows\System32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
    S3 csr_bthav; C:\Windows\System32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
    R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-03-17] ()
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-01-15] ()
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-07] (REALiX(tm))
    S3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [138752 2009-05-26] (Intel(R) Corporation) [File not signed]
    S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2016-12-21] (IObit)
    R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
    R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-23] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-25] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-25] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-25] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-25] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
    R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39504 2013-04-03] (IObit Information Technology)
    S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
    R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384312 2017-09-28] (IBM Corp.)
    R1 RapportCerberus_1804077; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804077.sys [1271448 2017-10-03] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585432 2017-09-28] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [253912 2017-09-28] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [507960 2017-09-28] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610616 2017-09-28] (IBM Corp.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) [File not signed]
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] (Realtek Semiconductor Corp.) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
    S3 cpuz140; \??\C:\Users\Mark\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
    U4 eabfiltr; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-25 09:54 - 2017-11-25 09:59 - 000030562 _____ C:\Users\Mark\Downloads\FRST.txt
    2017-11-25 09:54 - 2017-11-25 09:54 - 000000000 ____D C:\FRST
    2017-11-25 09:50 - 2017-11-25 09:51 - 002393088 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
    2017-11-24 00:07 - 2017-11-24 00:08 - 038601376 _____ (Microsoft Corporation) C:\Users\Mark\Desktop\Windows-KB890830-x64-V5.54.exe
    2017-11-23 23:35 - 2017-11-23 23:35 - 000007971 _____ C:\Users\Mark\Documents\AdwCleaner[S0].txt
    2017-11-23 23:18 - 2017-11-23 23:33 - 000000000 ____D C:\AdwCleaner
    2017-11-23 20:41 - 2017-11-23 20:41 - 000011142 _____ C:\Users\Mark\Documents\rk_CB4F.tmp.txt
    2017-11-23 15:54 - 2017-11-23 15:54 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-11-23 15:52 - 2017-11-23 23:14 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-11-23 15:52 - 2017-11-23 15:52 - 000000824 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-11-23 15:52 - 2017-11-23 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-11-23 15:52 - 2017-11-23 15:52 - 000000000 ____D C:\Program Files\RogueKiller
    2017-11-23 15:50 - 2017-11-23 15:51 - 036141704 _____ (Adlice Software ) C:\Users\Mark\Downloads\RogueKiller_setup.exe
    2017-11-23 15:46 - 2017-11-23 15:46 - 036141704 _____ (Adlice Software ) C:\Users\Mark\Downloads\RogueKiller_setup_ref3.exe
    2017-11-23 15:41 - 2017-11-23 15:42 - 001267376 _____ (Opera Software) C:\Users\Mark\Downloads\OperaSetup (1).exe
    2017-11-23 14:23 - 2017-11-23 14:23 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-11-23 12:06 - 2017-11-25 08:47 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-11-23 12:06 - 2017-11-25 08:47 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-11-23 11:31 - 2017-11-23 13:39 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2017-11-23 11:30 - 2017-11-25 08:47 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2017-11-23 11:30 - 2017-11-25 08:47 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-11-23 11:22 - 2017-11-25 09:15 - 001125308 _____ C:\Windows\ntbtlog.txt
    2017-11-23 10:51 - 2017-11-23 10:51 - 000003046 _____ C:\Windows\System32\Tasks\ASC_ASCTray_Auto
    2017-11-23 10:51 - 2017-11-23 10:51 - 000003010 _____ C:\Windows\System32\Tasks\ASC11_PerformanceMonitor
    2017-11-23 10:51 - 2017-11-23 10:51 - 000002814 _____ C:\Windows\System32\Tasks\ASC11_SkipUac_Mark
    2017-11-23 10:50 - 2017-11-23 10:51 - 000002276 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk
    2017-11-23 10:50 - 2017-11-23 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    2017-11-23 10:45 - 2017-11-23 10:46 - 027364968 _____ (IObit ) C:\Users\Mark\Downloads\advanced-systemcare-setup.exe
    2017-11-23 10:31 - 2017-10-17 11:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2017-11-23 09:38 - 2017-11-23 09:38 - 000001835 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-11-23 09:38 - 2017-11-23 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-11-23 09:38 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-11-23 09:32 - 2017-11-23 09:34 - 078346672 _____ (Malwarebytes ) C:\Users\Mark\Downloads\mb3-setup-consumer-3.3.1.2183.exe
    2017-11-23 00:20 - 2017-11-23 14:53 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1511414423
    2017-11-23 00:20 - 2017-11-23 00:20 - 000001057 _____ C:\Users\Public\Desktop\Opera Browser.lnk
    2017-11-23 00:20 - 2017-11-23 00:20 - 000001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2017-11-23 00:20 - 2017-11-23 00:20 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Opera Software
    2017-11-23 00:19 - 2017-11-23 14:53 - 000000000 ____D C:\Program Files\Opera
    2017-11-22 23:50 - 2017-11-23 00:16 - 000001377 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-11-22 20:52 - 2017-11-22 20:52 - 001529288 _____ C:\Users\Mark\Downloads\opera bookmarks_11_22_17.html
    2017-11-22 18:24 - 2017-11-22 18:24 - 001266208 _____ (Opera Software) C:\Users\Mark\Downloads\OperaSetup.exe
    2017-11-19 19:57 - 2017-11-19 19:57 - 000000000 ____D C:\Users\Mark\AppData\Local\{E3662224-D4C6-48CF-AD1A-6CA4BFE57D39}
    2017-11-19 16:07 - 2017-11-23 16:07 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMark
    2017-11-19 16:07 - 2017-11-23 16:07 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForMark.job
    2017-11-19 15:58 - 2017-11-19 15:58 - 000000000 ____D C:\Program Files\HP
    2017-11-19 08:41 - 2017-11-23 10:27 - 000000000 ____D C:\Users\Mark\Documents\Bkup Registry
    2017-11-18 15:53 - 2017-11-18 15:52 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2017-11-18 15:52 - 2017-11-18 15:52 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-11-15 14:50 - 2017-11-15 14:50 - 010849904 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup537.exe
    2017-11-15 09:51 - 2017-11-15 09:51 - 000000000 ____D C:\Users\Mark\AppData\Local\{9F1CD44F-1046-44AE-85CF-EF87EA5A8D13}
    2017-11-14 22:29 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-11-14 22:29 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-11-14 22:29 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-11-14 22:29 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-11-14 22:29 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-11-14 22:29 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-11-14 22:29 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-11-14 22:29 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-11-14 22:29 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-11-14 22:29 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-11-14 22:29 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-11-14 22:29 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2017-11-14 22:29 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-11-14 22:29 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-11-14 22:29 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-11-14 22:29 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-11-14 22:29 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-11-14 22:29 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-11-14 22:29 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-11-14 22:29 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-11-14 22:29 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-11-14 22:29 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-11-14 22:29 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-11-14 22:29 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-11-14 22:29 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-11-14 22:29 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-11-14 22:29 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-11-14 22:29 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-11-14 22:29 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-11-14 22:29 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-11-14 22:29 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-11-14 22:29 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-11-14 22:29 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-11-14 22:29 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-11-14 22:29 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-11-14 22:29 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-11-14 22:29 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-11-14 22:29 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-11-14 22:29 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-11-14 22:29 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-11-14 22:29 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-11-14 22:29 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-11-14 22:29 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-11-14 22:29 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-11-14 22:29 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-11-14 22:29 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-11-14 22:29 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-11-14 22:29 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-11-14 22:29 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-11-14 22:29 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-11-14 22:29 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-11-14 22:29 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-11-14 22:29 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-11-14 22:29 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-11-14 22:29 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-11-14 22:29 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-11-14 22:29 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-11-14 22:29 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-11-14 22:29 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-11-14 22:29 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-11-14 22:29 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-11-14 22:29 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-11-14 22:29 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-11-14 22:29 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-11-14 22:29 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-11-14 22:29 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-11-14 22:29 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-11-14 22:29 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-11-14 22:29 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-11-14 22:29 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-11-14 22:29 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-11-14 22:29 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-11-14 22:29 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-11-14 22:29 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-11-14 22:29 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-11-14 22:29 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-11-14 22:29 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-11-14 22:29 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-11-14 22:29 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-11-14 22:29 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-11-14 22:29 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-11-14 22:29 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-11-14 22:29 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-11-14 22:29 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-11-14 22:29 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-11-14 22:29 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-11-14 22:29 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2017-11-14 22:29 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-11-14 22:29 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-11-14 22:29 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-11-14 22:29 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-11-14 22:29 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-11-14 22:29 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-11-14 22:29 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2017-11-14 22:29 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2017-11-14 22:29 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2017-11-14 22:29 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
    2017-11-14 22:29 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-11-14 21:59 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-11-14 21:59 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-11-14 21:59 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-11-14 21:59 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-11-14 21:59 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-11-14 21:59 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-11-14 21:59 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-11-14 21:59 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-11-14 21:59 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-11-14 21:59 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-11-12 15:09 - 2017-11-25 08:01 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
    2017-11-12 15:07 - 2017-11-12 15:07 - 010427120 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup536.exe
    2017-11-04 22:31 - 2017-11-04 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-11-04 22:28 - 2017-11-04 22:28 - 000001707 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-11-04 22:28 - 2017-11-04 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-11-03 09:33 - 2017-11-03 09:33 - 000000000 ____D C:\Users\Mark\AppData\Local\Lavasoft
    2017-11-03 09:33 - 2017-11-03 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2017-11-03 09:32 - 2017-11-03 09:32 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Lavasoft
    2017-11-03 09:32 - 2017-11-03 09:32 - 000000000 ____D C:\ProgramData\Lavasoft
    2017-11-03 09:32 - 2017-11-03 09:32 - 000000000 ____D C:\Program Files (x86)\Lavasoft
    2017-11-02 14:29 - 2017-11-02 14:30 - 142780468 _____ C:\Users\Mark\Downloads\2017_Chevrolet_Performance_Catalog-Med.pdf
    2017-10-31 11:20 - 2017-10-31 11:20 - 000000000 ____D C:\Users\Mark\Documents\ProcAlyzer Dumps
    2017-10-31 08:23 - 2017-10-31 08:23 - 000001413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-10-31 08:23 - 2017-10-31 08:23 - 000001401 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2017-10-31 08:23 - 2017-10-31 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-10-31 08:22 - 2017-05-23 08:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
    2017-10-31 08:15 - 2017-10-31 08:15 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybotsd-2.6.46.exe
    2017-10-30 14:32 - 2017-10-30 14:32 - 000088114 _____ C:\Users\Mark\Documents\pumpkin.pptx
    2017-10-27 09:37 - 2017-10-27 09:37 - 000000000 ____D C:\Users\Mark\AppData\Local\{08D151F7-7F7B-4197-B310-C7EC74D4974A}

    ==================== One Month Modified files and folders ========
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  11. #11
    Join Date
    Nov 1999
    Posts
    438
    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-25 09:03 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-11-25 09:03 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-11-25 08:46 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-11-25 07:59 - 2017-06-28 21:30 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-11-24 06:33 - 2009-11-19 16:49 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8973F2BD-762D-44DD-AECE-A259F72FE680}
    2017-11-24 00:14 - 2017-10-11 15:17 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2017-11-24 00:14 - 2009-11-17 14:50 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-11-23 20:20 - 2016-11-30 18:10 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\Mozilla
    2017-11-23 14:55 - 2017-06-04 10:45 - 000000000 ___RD C:\Users\Mark\iCloudDrive
    2017-11-23 13:35 - 2009-07-14 00:13 - 000913706 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-11-23 13:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
    2017-11-23 13:03 - 2017-09-03 09:26 - 000000000 ____D C:\Users\Mark\Documents\ScopeView
    2017-11-23 11:30 - 2016-03-17 22:01 - 000000000 ____D C:\Users\Mark\AppData\Local\FSDART
    2017-11-23 10:51 - 2013-12-09 21:46 - 000000000 ____D C:\ProgramData\ProductData
    2017-11-23 10:49 - 2013-01-11 13:09 - 000000000 ____D C:\Program Files (x86)\IObit
    2017-11-23 09:38 - 2017-01-15 17:10 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-11-23 00:23 - 2017-02-06 10:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
    2017-11-23 00:20 - 2015-10-02 20:06 - 000000000 ____D C:\Users\Mark\AppData\Local\Opera Software
    2017-11-22 23:35 - 2017-05-06 10:56 - 000001024 ____H C:\SYSTAG.BIN
    2017-11-22 23:35 - 2017-02-06 10:11 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
    2017-11-22 18:09 - 2010-02-03 10:55 - 000000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
    2017-11-22 17:09 - 2009-07-13 22:20 - 000000000 __RHD C:\Users\Public\Libraries
    2017-11-22 16:33 - 2017-05-20 11:13 - 000000000 ____D C:\Users\Mark\Documents\Backup My Outlook
    2017-11-21 10:25 - 2015-02-09 21:03 - 003078082 _____ C:\Users\Mark\AppData\Local\census.cache
    2017-11-21 10:24 - 2015-02-09 21:03 - 000124448 _____ C:\Users\Mark\AppData\Local\ars.cache
    2017-11-21 09:51 - 2015-02-09 21:02 - 000000010 _____ C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
    2017-11-21 08:57 - 2016-04-09 20:46 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-11-21 08:57 - 2016-04-09 20:46 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-21 08:57 - 2016-04-09 20:46 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-11-21 08:57 - 2011-11-18 09:23 - 000000000 ____D C:\Windows\system32\Macromed
    2017-11-21 08:57 - 2009-08-17 14:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-11-20 12:30 - 2012-04-26 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-11-19 15:59 - 2009-12-19 02:06 - 000000000 ____D C:\ProgramData\HP
    2017-11-19 10:33 - 2015-12-16 18:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-11-19 10:33 - 2011-10-11 10:46 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Mozilla
    2017-11-18 18:43 - 2016-04-09 20:46 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-11-18 18:43 - 2014-06-16 22:25 - 000000000 ____D C:\Users\Mark\AppData\Local\Adobe
    2017-11-18 15:54 - 2017-06-28 21:30 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-11-18 15:52 - 2017-06-28 21:30 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151103844051203
    2017-11-18 15:52 - 2017-06-28 21:30 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-11-18 15:52 - 2017-06-28 21:30 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-11-18 15:52 - 2017-06-28 21:30 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-11-18 15:52 - 2017-06-28 21:30 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-11-18 15:52 - 2017-06-28 21:30 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-11-18 15:52 - 2017-06-28 21:30 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-11-18 15:51 - 2017-06-28 21:30 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-11-18 15:51 - 2017-06-28 21:30 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-11-18 15:51 - 2017-06-28 21:30 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-11-18 15:51 - 2017-06-28 21:30 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-11-18 15:51 - 2017-06-28 21:29 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-11-16 09:48 - 2015-08-11 14:51 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-11-16 09:46 - 2015-08-11 14:50 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-11-15 14:55 - 2016-03-26 14:45 - 000000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-11-15 11:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
    2017-11-15 08:59 - 2017-09-24 21:54 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-11-15 08:59 - 2017-09-24 21:54 - 000002104 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-11-14 23:42 - 2009-07-13 23:45 - 000447792 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-11-14 23:37 - 2014-12-10 10:58 - 000000000 ____D C:\Windows\system32\appraiser
    2017-11-14 23:14 - 2013-03-29 09:05 - 000906320 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-11-13 15:00 - 2017-09-24 21:53 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-11-13 15:00 - 2017-09-24 21:53 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-11-12 15:11 - 2010-09-13 13:01 - 000000000 ____D C:\Windows\Minidump
    2017-11-12 15:09 - 2016-03-26 14:45 - 000000000 ____D C:\Program Files\CCleaner
    2017-11-06 12:36 - 2017-06-04 10:49 - 000000000 ____D C:\Users\Mark\AppData\Local\B9ED4CE5-3058-436B-A43E-52ABC65F544E.aplzod
    2017-11-04 22:28 - 2015-08-18 20:21 - 000000000 ____D C:\Program Files\iTunes
    2017-11-04 22:28 - 2014-07-23 19:18 - 000000000 ____D C:\Program Files\iPod
    2017-11-03 09:31 - 2017-05-20 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2017-11-03 09:31 - 2017-01-03 11:48 - 000001376 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2017-11-03 09:31 - 2015-12-07 11:29 - 000001388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
    2017-11-01 22:48 - 2017-03-11 14:54 - 000036599 _____ C:\Users\Mark\AppData\Roaming\Comma Separated Values (Windows).ADR
    2017-10-31 20:12 - 2015-10-23 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-10-31 20:11 - 2015-10-23 11:09 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-10-31 20:11 - 2009-08-17 15:56 - 000000000 ____D C:\Program Files (x86)\Java
    2017-10-31 11:16 - 2016-01-10 10:19 - 000000168 _____ C:\Windows\wininit.ini
    2017-10-31 11:16 - 2014-01-23 23:56 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-10-31 11:16 - 2014-01-17 09:56 - 000000000 ____D C:\Users\Mark\AppData\Local\SlimWare Utilities Inc
    2017-10-31 08:24 - 2014-01-23 23:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

    ==================== Files in the root of some directories =======

    2016-02-16 00:03 - 2016-02-16 00:03 - 000003448 _____ () C:\Users\Mark\backup 02 16 2016.reg
    2011-05-05 09:31 - 2011-05-05 09:31 - 000000654 _____ () C:\Program Files (x86)\RejoinCommandLine.txt
    2015-09-08 23:02 - 2015-09-09 08:21 - 000000626 _____ () C:\Users\Mark\AppData\Roaming\All CPU MeterV3_Settings.ini
    2013-10-26 19:48 - 2013-10-26 19:48 - 000000067 _____ () C:\Users\Mark\AppData\Roaming\Camdata.ini
    2013-10-26 19:48 - 2013-10-26 19:48 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamLayout.ini
    2013-10-26 19:48 - 2013-10-26 19:48 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamShapes.ini
    2013-10-26 19:48 - 2013-10-26 19:48 - 000004416 _____ () C:\Users\Mark\AppData\Roaming\CamStudio.cfg
    2017-03-11 14:54 - 2017-11-01 22:48 - 000036599 _____ () C:\Users\Mark\AppData\Roaming\Comma Separated Values (Windows).ADR
    2011-01-21 09:26 - 2011-09-16 08:37 - 000001854 _____ () C:\Users\Mark\AppData\Roaming\GhostObjGAFix.xml
    2017-10-22 20:12 - 2017-10-22 20:24 - 000000166 _____ () C:\Users\Mark\AppData\Roaming\PLGComp.ini
    2012-04-15 22:01 - 2014-11-16 19:34 - 000001078 _____ () C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
    2012-04-15 21:59 - 2016-02-28 17:20 - 000002889 _____ () C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-04-15 22:01 - 2014-11-16 19:34 - 000001078 _____ () C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2014-02-09 19:25 - 2014-02-09 19:31 - 000000106 _____ () C:\Users\Mark\AppData\Roaming\SBAMWsc.log
    2013-08-19 17:48 - 2016-09-12 20:11 - 000000600 _____ () C:\Users\Mark\AppData\Roaming\winscp.rnd
    2015-02-09 21:03 - 2017-11-21 10:24 - 000124448 _____ () C:\Users\Mark\AppData\Local\ars.cache
    2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\AtStart.txt
    2015-02-09 21:03 - 2017-11-21 10:25 - 003078082 _____ () C:\Users\Mark\AppData\Local\census.cache
    2011-09-07 08:33 - 2015-08-19 09:47 - 000205312 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\DSwitch.txt
    2014-01-24 15:55 - 2014-01-24 15:55 - 000000036 _____ () C:\Users\Mark\AppData\Local\housecall.guid.cache
    2015-01-12 14:11 - 2015-01-12 14:11 - 000000001 _____ () C:\Users\Mark\AppData\Local\llftool.4.25.agreement
    2015-02-07 10:01 - 2016-05-01 17:44 - 000000600 _____ () C:\Users\Mark\AppData\Local\PUTTY.RND
    2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\QSwitch.txt
    2012-11-29 22:54 - 2017-06-27 21:56 - 000007628 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
    2015-02-09 21:02 - 2017-11-21 09:51 - 000000010 _____ () C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
    2016-12-14 16:27 - 2016-12-14 16:27 - 000000000 _____ () C:\Users\Mark\AppData\Local\{4083F7BF-1E4D-4F00-9501-72D09D94508F}
    2016-12-18 08:12 - 2016-12-18 08:12 - 000000000 _____ () C:\Users\Mark\AppData\Local\{599D0F20-6DC7-4E7A-B94B-B8FDBF8D8898}

    Some files in TEMP:
    ====================
    2017-11-23 15:53 - 2017-09-13 10:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Mark\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-11-19 12:56

    ==================== End of FRST.txt ============================
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  12. #12
    Join Date
    Nov 1999
    Posts
    438
    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
    Ran by Mark (25-11-2017 10:01:22)
    Running from C:\Users\Mark\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2009-11-18 02:06:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1757856145-4072474172-4118854403-500 - Administrator - Disabled)
    Guest (S-1-5-21-1757856145-4072474172-4118854403-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1757856145-4072474172-4118854403-1002 - Limited - Enabled)
    Mark (S-1-5-21-1757856145-4072474172-4118854403-1000 - Administrator - Enabled) => C:\Users\Mark

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
    Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
    Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
    Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.0.3 - IObit)
    AnalogX POW! (HKLM-x32\...\AnalogX POW!) (Version: - AnalogX)
    AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
    Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
    Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.05 - Avanquest Software)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
    BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.151 - Bitdefender)
    Blacks (HKLM-x32\...\Blacks) (Version: 4.8.8 - CEWE Stiftung u Co. KGaA)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
    Connect (HKLM-x32\...\Connect) (Version: 1.4.14232.0 - Cisco Consumer Products LLC)
    CRG First Gen Camaro Decoder (HKLM-x32\...\CRG First Gen Camaro Decoder) (Version: - )
    CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
    Focus Magic 4.02a (HKLM-x32\...\Focus Magic_is1) (Version: 4.02a - Acclaim Software Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
    HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 2.1.1175 - Trend Micro Inc.)
    HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
    HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.37.11 - HP Inc.)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
    iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
    inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.1.0.19 - IObit)
    iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
    LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
    MailWasher (HKLM-x32\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
    Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version: - )
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Outlook Personal Folders Backup (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
    Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.0.4a 11-22-2005 - Avanquest Software)
    Move Media Player (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Move Media Player) (Version: - Move Networks)
    Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
    Opera Stable 49.0.2725.47 (HKLM-x32\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
    Photo Transfer App (HKLM-x32\...\com.erclab.air.phototransferapp) (Version: 2.7.1 - UNKNOWN)
    PixBuilder Studio 2.2.0 (HKLM-x32\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version: - WnSoft)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
    PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
    Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version: - IObit)
    QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
    RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    ScopeView (HKLM-x32\...\{E292525D-F43E-4295-A708-B4D6A7DF75ED}) (Version: 1.1.0.0 - ScopeView-Setup)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SP45990 - Wallpaper Picture Position Enabler for Windows 7 (HKLM-x32\...\{86391634-A94B-4355-8397-3D85C2F942DA}) (Version: 1.0.0 - Hewlett-Packard International Pte. Ltd.)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    Spotify (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
    Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
    VideoDownloaderUltimate for Firefox (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\VideoDownloaderUltimate_Firefox) (Version: - Link64)
    VIPRE Internet Security (HKLM-x32\...\{8F943FD1-CC89-47DF-A972-DC602B52A047}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
    vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden
    vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Web Companion (HKLM-x32\...\{364541e3-18aa-46f1-85ec-373f934ca940}) (Version: 3.2.1708.3237 - Lavasoft)
    WebFerret (HKLM-x32\...\WebFerret) (Version: - CNET Networks)
    Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
    Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
    Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
    Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
    WinSCP 5.1.6 (HKLM-x32\...\winscp3_is1) (Version: 5.1.6 - Martin Prikryl)
    WinZip 11.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B3}) (Version: 11.0.7313 - WinZip International LLC)
    WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
    WOT for Internet Explorer (HKLM-x32\...\{DB6BD5D5-8482-45C0-99CF-745C5B924497}) (Version: 9.4.14.0 - Against Intuition Oy)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
    CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
    CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
    ContextMenuHandlers1: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => -> No File
    ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
    ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2013-04-03] (IObit)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
    ContextMenuHandlers1: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => -> No File
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2006-11-10] (WinZip Computing LP)
    ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
    ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
    ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2013-04-03] (IObit)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2006-11-10] (WinZip Computing LP)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-11] (Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
    ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2013-04-03] (IObit)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2006-11-10] (WinZip Computing LP)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {040DA2DF-B8AE-40BC-BABD-F2128462CD01} - System32\Tasks\{06A042C1-A4E6-4FE1-BA83-017A2F664DFD} => "c:\program files (x86)\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
    Task: {0A721E70-039D-4EF2-96B1-2062C1432C39} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1757856145-4072474172-4118854403-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {0B29E420-80E2-45F4-8C97-37D58EF56389} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-10-24] (IObit)
    Task: {0E128513-BA5D-4D6A-8ED0-85FF8DB4CDA8} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [2017-08-25] (Trend Micro Inc.)
    Task: {0FB37E43-451A-4D00-B56B-B5046739257C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {14C95FDC-EF19-4F99-8187-4B74C5C69701} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
    Task: {15859EAE-FB44-40BE-8716-B0735B087586} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {178C2715-30B6-4C85-9350-C00BCB32A2D4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
    Task: {22E79A28-88E5-4992-A657-8F5E849DA229} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {22EFE924-1E39-440E-A474-B720FBFE6FDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {29418111-CA72-42C6-86C6-CABFA891E142} - System32\Tasks\Uninstaller_SkipUac_Mark => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-10-24] (IObit)
    Task: {387C7256-399F-466A-8AA3-DBC6750AB813} - System32\Tasks\{23BE6878-DB76-47BE-944F-61513EC9F84D} => C:\Windows\system32\pcalua.exe -a C:\Users\Mark\Downloads\powi(1).exe
    Task: {3B564F36-C780-4D00-B555-72634EBD19C9} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
    Task: {3EC78E14-DEBC-4BA5-8C7B-D5F486B67C0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
    Task: {4453C87C-FDD8-4836-832A-A12B731450F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
    Task: {4C38CC12-3A7E-409E-85B4-663DDDEA28FB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-18] (Adobe Systems Incorporated)
    Task: {528C4BB4-B35C-4DA8-AFF4-2BE7FF50A887} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {52F9DAA3-3410-4D61-B8D9-7B36D0C42887} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-18] (AVAST Software)
    Task: {5C357C87-9883-45C1-9FB5-C68A97C70647} - System32\Tasks\ASC_ASCTray_Auto => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
    Task: {64E0076C-0C28-4912-874A-28149C8CCED3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-21] (Adobe Systems Incorporated)
    Task: {6562C1B8-48EC-445A-826B-1088066C8469} - System32\Tasks\ASC11_SkipUac_Mark => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
    Task: {793BD101-9641-4511-AD2F-8F31B4F18596} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
    Task: {8B08866E-ED15-4E35-8FA6-D0A922F9905D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {97F51D74-02B4-4435-9F74-BDA5B44905A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-24] (Google Inc.)
    Task: {A6EC1313-3BDD-40E0-9385-E111DE394784} - System32\Tasks\Opera scheduled Autoupdate 1511414423 => C:\Program Files\Opera\launcher.exe [2017-11-23] (Opera Software)
    Task: {B0327B53-8E59-40E5-B4CA-6D416820F16D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {B095ED15-D903-415D-A9F1-3D20F09379CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {B1F2FF49-3670-436A-B3E5-ADF614C57C89} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
    Task: {B79D4E05-4C45-4248-9010-1F7D3C9CFDA2} - System32\Tasks\{A95C2512-1A1D-4CE4-99C9-7F71C22FCF7E} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/4.2.0.155/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;alreadyoffered
    Task: {BB3ED22B-4C64-4A26-8BE3-4C70FB75A634} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-24] (Google Inc.)
    Task: {C423D61D-F5AA-4CC5-8345-FE55139109CC} - System32\Tasks\{662EF20E-8AFE-49E9-85A6-C784C8930670} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/4.2.0.155/en/abandoninstall?source=lightinstaller&page=tsGoogle&installinfo=google-toolbarffered-installed,google-chrome:notoffered;toolbaroffered
    Task: {C90F9721-AD5C-4DFE-A6B6-AE790DB99759} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757856145-4072474172-4118854403-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {CBD5C707-EE06-4E44-8239-092820FA71BE} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {CC505B3A-34D6-4181-8FF1-D9DC19674B72} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
    Task: {D9A9034D-9D28-4701-A299-4825C0051047} - System32\Tasks\{9FE35329-297B-4309-B5DC-DF6E584C8F50} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AnalogX\POW\powu.exe" -d "C:\Program Files (x86)\AnalogX\POW\" -c -Update
    Task: {EC76ED2C-1495-4979-8458-010676D3B874} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {F0F4DD39-E362-414E-A91B-45E9986A9324} - System32\Tasks\SafeZone scheduled Autoupdate 1498703693 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {FC696DA4-F25F-4CEC-BA5B-FEA1B12B0F01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Shortcuts & WMI ========================
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  13. #13
    Join Date
    Nov 1999
    Posts
    438
    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-23 09:38 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-11-23 09:38 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
    2017-11-18 15:51 - 2017-11-18 15:51 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2017-09-29 05:32 - 2017-09-29 05:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2017-11-15 08:59 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
    2017-11-15 08:59 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
    2017-11-18 15:51 - 2017-11-18 15:51 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-11-18 15:51 - 2017-11-18 15:51 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
    2017-11-25 08:27 - 2017-11-25 08:27 - 005881920 _____ () C:\Program Files\AVAST Software\Avast\defs\17112406\algo.dll
    2017-11-18 15:52 - 2017-11-18 15:52 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-11-18 15:51 - 2017-11-18 15:51 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-08-24 15:22 - 2017-08-24 15:22 - 003068560 _____ () C:\Program Files (x86)\Trend Micro\DRScanner\sdk\DrsSDK.dll
    2017-09-29 05:32 - 2017-09-29 05:32 - 000073384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2017-06-28 21:28 - 2017-06-28 21:28 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-11-18 15:51 - 2017-11-18 15:51 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-11-03 09:30 - 2017-05-22 10:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2017-11-03 09:30 - 2017-05-22 10:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2017-11-03 09:30 - 2017-05-22 10:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2017-11-03 09:31 - 2017-05-22 10:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
    2017-11-03 09:30 - 2017-05-23 17:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
    2017-11-03 09:30 - 2017-05-22 10:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]
    AlternateDataStreams: C:\ProgramData\Temp1B5B4F1 [112]
    AlternateDataStreams: C:\Users\Mark\Downloads\wiztree_2_01_setup.exe:BDU [0]

    ==================== Safe Mode (Whitelisted) ===================
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  14. #14
    Join Date
    Nov 1999
    Posts
    438
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
    IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
    IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
    IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com

    There are 11403 more sites.

    IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\virtualdr.com -> hxxp://discussions.virtualdr.com
    IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\yahoo.com -> hxxps://downloads.yahoo.com
    IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\youtube.com -> hxxp://www.youtube.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\1-2005-search.com -> www.1-2005-search.com

    There are 12727 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-11-15 10:38 - 2017-06-28 21:30 - 000450093 ____R C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15461 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 64.71.255.204 - 64.71.255.198
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AdvancedSystemCareService7 => 2
    MSCONFIG\Services: AdvancedSystemCareService8 => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Application Updater => 2
    MSCONFIG\Services: Com4QLBEx => 3
    MSCONFIG\Services: GameConsoleService => 3
    MSCONFIG\Services: GeekBuddyRSP => 2
    MSCONFIG\Services: gfi_lanss11_attservice => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: HitmanProScheduler => 2
    MSCONFIG\Services: HP Support Assistant Service => 2
    MSCONFIG\Services: HPDrvMntSvc.exe => 2
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: IObitUnSvr => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LightScribeService => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: PST Service => 2
    MSCONFIG\Services: RapportMgmtService => 2
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\Services: RealPlayerUpdateSvc => 2
    MSCONFIG\Services: RichVideo => 2
    MSCONFIG\Services: SDScannerService => 3
    MSCONFIG\Services: SDUpdateService => 3
    MSCONFIG\Services: SDWSCService => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: WCAssistantService => 2
    MSCONFIG\Services: YahooAUService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk => C:\Windows\pss\Printkey2000.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk => C:\Windows\pss\MailWasher.lnk.Startup
    MSCONFIG\startupreg: ABNotify => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
    MSCONFIG\startupreg: Adobe ARM => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: Advanced SystemCare 10 =>
    MSCONFIG\startupreg: Advanced SystemCare 11 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
    MSCONFIG\startupreg: Advanced SystemCare 8 =>
    MSCONFIG\startupreg: Advanced SystemCare 9 =>
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: Automatically Log WiFi Signal Strength Over Time Software.exe =>
    MSCONFIG\startupreg: Bitdefender Wallet Agent =>
    MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    MSCONFIG\startupreg: COMODO Internet Security =>
    MSCONFIG\startupreg: CsrAudioguiCtrl => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
    MSCONFIG\startupreg: CSRHarmonySkypePlugin => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
    MSCONFIG\startupreg: CsrHCRPServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
    MSCONFIG\startupreg: CsrSyncMLServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
    MSCONFIG\startupreg: DW6 =>
    MSCONFIG\startupreg: DW7 =>
    MSCONFIG\startupreg: Google Update =>
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HarmonyUserStartup => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
    MSCONFIG\startupreg: HP Software Update => c:\program files (x86)\hp\hp software update\hpwuschd2.exe
    MSCONFIG\startupreg: HP Update 3400C => c:\sj652\hpupdate.exe 3400c
    MSCONFIG\startupreg: HP Update 4300C =>
    MSCONFIG\startupreg: HPADVISOR => c:\program files (x86)\hewlett-packard\hp advisor\hpadvisor.exe view=dockview
    MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LightScribe Control Panel => c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe -hidden
    MSCONFIG\startupreg: Malwarebytes TrayApp =>
    MSCONFIG\startupreg: msnmsgr => "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NortonOnlineBackupReminder =>
    MSCONFIG\startupreg: OneDrive => "C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    MSCONFIG\startupreg: QlbCtrl.exe => c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe /start
    MSCONFIG\startupreg: QPService => c:\program files (x86)\hp\quickplay\qpservice.exe
    MSCONFIG\startupreg: QuickTime Task =>
    MSCONFIG\startupreg: RIMBBLaunchAgent.exe => c:\program files (x86)\common files\research in motion\usb drivers\rimbblaunchagent.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: SearchSettings =>
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
    MSCONFIG\startupreg: Speccy => "c:\program files\speccy\speccy64.exe" /totray
    MSCONFIG\startupreg: Spotify => "C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    MSCONFIG\startupreg: TrayApplication => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
    MSCONFIG\startupreg: tvncontrol =>
    MSCONFIG\startupreg: UCam_Menu => c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0
    MSCONFIG\startupreg: UpdatePRCShortCut => c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\powerrecover
    MSCONFIG\startupreg: vdultimate_firefox => C:\ProgramData\VideoDownloaderUltimate\Firefox\vdultimate.exe /checkforupdate
    MSCONFIG\startupreg: vksts => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
    MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    MSCONFIG\startupreg: WirelessAssistant => c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{ADB86070-EBFF-4C56-8403-B721F2C325B9}C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe
    FirewallRules: [UDP Query User{2744C2AB-B90A-4BD4-9FF8-78CF2D366F82}C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe
    FirewallRules: [TCP Query User{92D709FA-1482-4FC5-81BC-A30015770B31}C:\program files (x86)\trend micro\drscanner\drscanner.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\drscanner.exe
    FirewallRules: [UDP Query User{406C501F-BCD8-4FDE-A94C-E5AB4CC02B74}C:\program files (x86)\trend micro\drscanner\drscanner.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\drscanner.exe
    FirewallRules: [TCP Query User{29DB04A0-27E9-473E-B650-741F4A2BE700}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
    FirewallRules: [UDP Query User{0D3B99D2-DA93-4895-AA05-2D5812156BB8}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
    FirewallRules: [TCP Query User{9AE7C6A3-38C1-46CA-81EE-EFB6CBDFE7A8}C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe] => (Allow) C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe
    FirewallRules: [UDP Query User{82079B88-8132-4436-B655-9CFE25E2B9CA}C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe] => (Allow) C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe
    FirewallRules: [{2A9B1413-40FF-49F3-A6FC-B4D6795622B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{55F01777-0FCC-4A83-9F5F-D8C411F20EE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4886392D-70EF-442E-B428-EDC05EABB175}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{ABC22E1C-7E2D-4165-A499-9B1E2226AA48}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{C0D6A792-9430-4A79-BBE6-D0A2A2416CB6}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
    FirewallRules: [UDP Query User{41167AC4-15B9-4E0B-BBDA-08AF7935450D}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
    FirewallRules: [{6041D3DF-FAF2-4BD2-8D35-D1A6FCB63416}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{82B79549-CC8D-44C5-935D-439991B95E8D}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe
    FirewallRules: [{F4838C03-332F-4557-80BB-6BB2CA2E7A58}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe
    FirewallRules: [{EC5634B1-24AB-4962-8F6E-F3643FC55D79}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    29-10-2017 23:14:11 Scheduled Checkpoint
    31-10-2017 08:17:43 Before installing spybot
    06-11-2017 14:37:53 Windows Backup
    06-11-2017 23:45:18 Windows Backup
    14-11-2017 22:39:06 Windows Update
    22-11-2017 13:13:39 Scheduled Checkpoint
    22-11-2017 18:46:43 Restore Operation

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/23/2017 02:22:46 PM) (Source: System Restore) (EventID: 8206) (User: )
    Description: The restore point selected was damaged or deleted during the restore (Scheduled Checkpoint).

    Error: (11/23/2017 01:36:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006f58
    Faulting process id: 0x5f4
    Faulting application start time: 0x01d3647d3c54e5ec
    Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Report Id: 33010e91-d07d-11e7-bde9-001f16ed4bf8

    Error: (11/23/2017 12:10:03 PM) (Source: System Restore) (EventID: 8206) (User: )
    Description: The restore point selected was damaged or deleted during the restore (Windows Backup).

    Error: (11/23/2017 11:28:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006f58
    Faulting process id: 0x4f0
    Faulting application start time: 0x01d3646d7efb2cdd
    Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Report Id: 50096d9d-d06b-11e7-85cb-001f16ed4bf8

    Error: (11/23/2017 10:05:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006f58
    Faulting process id: 0x4f0
    Faulting application start time: 0x01d364596c9aebc4
    Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Report Id: c42cac8e-d05f-11e7-bf40-001f16ed4bf8

    Error: (11/23/2017 12:23:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006f58
    Faulting process id: 0x4c4
    Faulting application start time: 0x01d36412ce6f5283
    Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Report Id: 664ec8a8-d00e-11e7-8200-001f16ed4bf8

    Error: (11/22/2017 11:27:22 PM) (Source: System Restore) (EventID: 8206) (User: )
    Description: The restore point selected was damaged or deleted during the restore (Before installing spybot).

    Error: (11/22/2017 10:40:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006f58
    Faulting process id: 0x410
    Faulting application start time: 0x01d364062387e311
    Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Report Id: 13f8fe69-d000-11e7-822d-001f16ed4bf8

    Error: (11/22/2017 09:56:09 PM) (Source: System Restore) (EventID: 8206) (User: )
    Description: The restore point selected was damaged or deleted during the restore (Windows Backup).

    Error: (11/22/2017 09:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000006f58
    Faulting process id: 0x46c
    Faulting application start time: 0x01d363f6ac7201f6
    Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
    Report Id: 13529053-cff5-11e7-8ae3-001f16ed4bf8


    System errors:
    =============
    Error: (11/25/2017 09:22:27 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error: (11/25/2017 09:16:00 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (11/25/2017 09:02:21 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error: (11/25/2017 08:56:04 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (11/25/2017 08:56:04 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (11/25/2017 08:56:04 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (11/25/2017 08:51:40 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error: (11/25/2017 08:49:54 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error: (11/25/2017 08:47:34 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error: (11/25/2017 08:45:52 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:40:31 AM on ‎11/‎25/‎2017 was unexpected.


    CodeIntegrity:
    ===================================
    Date: 2017-11-25 08:45:17.387
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-25 08:45:15.968
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 15:21:07.860
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 15:21:06.456
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 14:44:05.671
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 14:44:04.283
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 14:18:46.799
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 14:18:45.426
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 12:04:18.737
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-23 12:04:17.333
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    Percentage of memory in use: 72%
    Total physical RAM: 3003.19 MB
    Available physical RAM: 833.2 MB
    Total Virtual: 6004.38 MB
    Available Virtual: 3361.17 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:286.03 GB) (Free:91.28 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 135C058F)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  15. #15
    Join Date
    Nov 1999
    Posts
    438
    Thx, I should have thought of that.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

Thread Information

Users Browsing this Thread

There are currently 4 users browsing this thread. (0 members and 4 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •